GitHub Secrets sometimes empty

Recently I started noticing automatically created PR’s (like created by Dependabot) failing due to empty Secrets.

When re-running the jobs all Secrets work again.

The GITHUB_TOKEN does not seem to be affected.

image

That change was intentional, because of a potential security problem:

1 Like

Completely missed that, thank you.

1 Like

What’s the fix for this? How do I get back to Dependabot working as expected in the most secure fashion?

Depends on the details of your workflow, but the changelog entry links to this article which discusses dangers and possibilities: